Exchange Online Powershell - some commands are not working with Azure Automation

dumbosettle 1

I have an Azure Automation which connects to Exchange with certificate (setup follows this). I can successfully connect with a runbook, and run commands like Get-ExoRecipient, Get-ExoMailbox on user accounts or just use Get-AcceptedDomain.
However if I try to use the commands Get-ExoMailboxStatistics or Get-EXOMailboxPermission, I receive an error of "User is not allowed to call Get-MailboxStatistics" (sic!) and ""User is not allowed to call Get-MailboxPermission" (sic!). Longer error message is attached 274826-automat-xchange-bug.txt.
The application have the Exchange Administrator role, Exchange.ManageAsApp API permission, and also tried out with and without adding it to a custom Exchange role group and giving various extra Exchange permissions - without any change in the error message. Tried with both EOL PS 2.0.5, 3.0.0 & 3.1.0, same error everywhere.
What kind of privilige do I need to add to the automation to make those two commands working?

I have no problems running the script on my PC, with my own personal admin account.

Emily Hua-MSFT 27,531 Reputation points

2022-12-30T01:13:43.427+00:00

Hi,
As your issue is not related to OOS, I would remove the tag.
Thanks for your understandings.
tbgangav-MSFT 10,386 Reputation points

2023-01-10T04:27:28.13+00:00

Hi @dumbosettle ,

Try to find the permissions required by following this article which basically helps to find the rbac management roles and role groups that give you access to a specified cmdlet.
dumbosettle 1 Reputation point

2023-01-10T15:31:39.717+00:00

Hi @tbgangav-MSFT , Thanks for the tip, if I interpret the results correctly, the automation account has the proper rights to run both commands (result omitted, there are ~100 entries in it):

Role RoleAssigneeType RoleAssigneeName
... Application Exchange Full Access RoleGroup [automation account's name]
....